NSA Bank System Tracking Revealed in Shadow Brokers' Zero-Day List

NEWS ANALYSIS: The group Shadow Brokers revealed a list of zero-day vulnerabilities for Microsoft Windows that had been patched or were soon to be fixed. But the list contained hints that the NSA was tracking an important international banking service.

When the hacker group Shadow Brokers released its latest list of Windows vulnerabilities last week, much of the security community was aghast. The new leaks listed a series of hacking tools aimed at those Windows vulnerabilities along with tools aimed at other services and operating systems, ostensibly stolen from the National Security Agency several months ago.

The leaks appeared to be so serious that some security researchers were calling it a Windows apocalypse. Then on April 14, Microsoft spoiled all that fun by pointing out that the vulnerabilities that everyone was all atwitter over had actually been patched a month earlier. This meant that if you were using a machine that had been patched, your machine shouldn't be vulnerable any more.

Microsoft’s Phillip Misner, Principal Security Group Manager for the Microsoft Security Response Center, explained in his blog what was going on. “Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products,” he said. Misner provided a chart of the exploits and of the updates that fixed them.

It’s worth noting that not only was the information from Shadow Brokers not an apocalypse, but some of the vulnerabilities were nearly a decade old. One was fixed before the days of Windows Vista. The most recent fix was sent out in March 2017, about a month before the revelations.

Originally Shadow Brokers tried to auction the vulnerabilities and the tools that were used to exploit them, but there were no takers. At the time it was clear that many of those tools were already known, but on further examination, it seems that they simply were old.

But that doesn’t mean that there isn’t any risk. While computers that run up-to-date versions of Windows aren’t at risk from these exploits, there are a lot of machines that are still running Windows XP and are no longer supported by Microsoft, and these machines are vulnerable.

In addition, enterprise implementations of Windows 7 and Windows 10 are frequently not up to date because IT departments delay deployments of security patches for as long as several months to confirm that the updates don’t break anything. Those machines may be vulnerable and will be highly attractive to cyber-attackers.

This means that enterprise IT departments should identify the updates from Microsoft that contain the fixes in the list and apply them as soon as possible. While it pays to be careful when making changes to mission-critical software, it doesn’t pay when you know those fixes are related to real attacks.